packetfu 1.0.0 → 1.0.2.pre

data/test/test_eth.rb

@@ -1,7 +1,8 @@
 #!/usr/bin/env ruby
 require 'test/unit'
-$: << File.expand_path(File.dirname(__FILE__) + "/../lib/")
+$:.unshift File.expand_path(File.join(File.dirname(__FILE__), "..", "lib"))
 require 'packetfu'
+puts "Testing #{PacketFu.version}: #{$0}"
 
 class EthTest < Test::Unit::TestCase
 

data/test/test_hsrp.rb

@@ -0,0 +1,71 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$: << File.expand_path(File.dirname(__FILE__) + "/../lib/")
+require 'packetfu'
+
+class HSRPTest < Test::Unit::TestCase
+	include PacketFu
+
+	def test_hsrp_read
+		sample_packet = PcapFile.new.file_to_array(:f => 'sample_hsrp_pcapr.cap')[0]
+		pkt = Packet.parse(sample_packet)
+		assert pkt.is_hsrp?
+		assert pkt.is_udp?
+		assert_equal(0x2d8d, pkt.udp_sum.to_i)
+		# pkt.to_f('udp_test.pcap','a')
+	end
+
+=begin
+# The rest of these tests are snarfed from UDP. TODO: need to update
+# these for hsrp, shouldn't be long.
+	def test_hsrp_pcap
+		u = UDPPacket.new
+		assert_kind_of UDPPacket, u
+		u.recalc
+		u.to_f('udp_test.pcap','a')
+		u.ip_saddr = "10.20.30.40"
+		u.ip_daddr = "50.60.70.80"
+		u.payload = "+some fakey-fake udp packet"
+		u.udp_src = 1205
+		u.udp_dst = 13013
+		u.recalc
+		u.to_f('udp_test.pcap','a')
+	end
+
+	def test_udp_peek
+		u = UDPPacket.new
+		u.ip_saddr = "10.20.30.40"
+		u.ip_daddr = "50.60.70.80"
+		u.udp_src = 53
+		u.udp_dport = 1305
+		u.payload = "abcdefghijklmnopqrstuvwxyz"
+		u.recalc
+		puts "\n"
+		puts "UDP Peek format: "
+		puts u.peek
+		assert_equal 78,u.peek.size
+	end
+
+	def test_udp_checksum
+		sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
+		pkt = Packet.parse(sample_packet)
+		assert_kind_of UDPPacket, pkt
+		pkt.recalc
+		assert_equal(0x8bf8, pkt.udp_sum.to_i)
+		pkt.to_f('udp_test.pcap','a')
+	end
+
+	def test_udp_alter
+		sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
+		pkt = Packet.parse(sample_packet)
+		assert_kind_of UDPPacket, pkt
+		pkt.payload = pkt.payload.gsub(/metasploit/,"MeatPistol")
+		pkt.recalc
+		assert_equal(0x8341, pkt.udp_sum)
+		pkt.to_f('udp_test.pcap','a')
+	end
+=end
+
+end
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_packet.rb

@@ -1,25 +1,78 @@
 #!/usr/bin/env ruby
 require 'test/unit'
-$: << File.expand_path(File.dirname(__FILE__) + "/../lib/")
+$:.unshift File.expand_path(File.join(File.dirname(__FILE__), "..", "lib"))
 require 'packetfu'
+puts "Testing #{PacketFu.version}: #{$0}"
 
-class EthPacketTest < Test::Unit::TestCase
+class NewPacketTest < Test::Unit::TestCase
+	include PacketFu
+	
+	def test_method_missing_and_respond_to
+		p = TCPPacket.new
+		assert p.respond_to?(:ip_len)
+		assert p.ip_len = 20
+		assert !(p.respond_to? :ip_bogus_header)
+		assert_raise NoMethodError do
+			p.bogus_header = 20
+		end
+	end
+
+	def test_more_method_missing_magic
+		p = UDPPacket.new
+		assert_kind_of(UDPPacket,p)
+		assert p.is_udp?
+		assert p.is_ip?
+		assert p.is_eth?
+		assert_equal(p.ip_hl,5)
+		assert p.layer
+		assert_raise NoMethodError do 
+			p.is_blue? 
+		end
+		assert_raise NoMethodError do
+		 	p.tcp_blue
+		end
+		assert_raise NoMethodError do 
+			p.udp_blue 
+		end
+		assert_raise NoMethodError do
+			p.blue
+		end
+	end
+end
+
+class PacketStrippingTest < Test::Unit::TestCase
+
+	include PacketFu
+
+	def test_arp_strip
+		pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+		p = Packet.parse(pcaps[5], :fix => true) # Really ARP request.
+		assert_kind_of(Packet,p)
+		assert_kind_of(ARPPacket,p)
+	end
+
+end
+
+class PacketParsersTest < Test::Unit::TestCase
 	include PacketFu
 
 	def test_parse_eth_packet
+		assert_equal(EthPacket.layer, 1)
+		assert_equal(EthPacket.layer_symbol, :link)
 		pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
 		p = Packet.parse(pcaps[5]) # Really ARP.
 		assert_kind_of(Packet,p)
 		assert_kind_of(EthHeader, p.headers[0])
 		assert p.is_eth?
-		assert p.is_ethernet?
 		assert_equal(pcaps[5],p.to_s)
 	end
 
 	def test_parse_arp_request
+		assert_equal(ARPPacket.layer, 2)
 		pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
 		p = Packet.parse(pcaps[5]) # Really ARP request.
 		assert p.is_eth?
+		assert_kind_of(EthPacket,p)
 		assert_kind_of(ARPPacket,p)
 		assert p.is_arp?
 		assert_equal(p.to_s, pcaps[5])
@@ -28,6 +81,7 @@ class EthPacketTest < Test::Unit::TestCase
 	end
 
 	def test_parse_arp_reply
+		assert_equal(ARPPacket.layer, 2)
 		pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
 		p = Packet.parse(pcaps[6]) # Really ARP reply.
 		assert_equal(p.to_s, pcaps[6])
@@ -35,6 +89,86 @@ class EthPacketTest < Test::Unit::TestCase
 		assert_equal("\x00\x02", p.headers.last[:arp_opcode].to_s)
 	end
 
+	def test_parse_ip_packet
+		assert_equal(IPPacket.layer, 2)
+		pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+		p = Packet.parse(pcaps[0]) # Really DNS request 
+		assert_equal(p.to_s[0,20], pcaps[0][0,20])
+		assert_equal(p.to_s, pcaps[0])
+		assert_kind_of(EthPacket,p)
+		assert_kind_of(IPPacket,p)
+	end
+
+	def test_parse_tcp_packet
+		assert_equal(TCPPacket.layer, 3)
+		pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+		p = Packet.parse(pcaps[7]) # Really FIN/ACK
+		assert_equal(p.to_s, pcaps[7])
+		assert_kind_of(EthPacket,p)
+		assert_kind_of(IPPacket,p)
+		assert_kind_of(TCPPacket,p)
+	end
+
+	def test_parse_udp_packet
+		assert_equal(UDPPacket.layer, 3)
+		pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+		p = Packet.parse(pcaps[0]) # Really DNS request
+		assert_equal(p.to_s, pcaps[0])
+		assert_kind_of(EthPacket,p)
+		assert_kind_of(IPPacket,p)
+		assert_kind_of(UDPPacket,p)
+	end
+
+	def test_parse_icmp_packet
+		assert_equal(ICMPPacket.layer, 3)
+		assert_equal(ICMPPacket.layer_symbol, :transport)
+		pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+		p = Packet.parse(pcaps[3]) # Really ICMP reply
+		assert_equal(p.to_s, pcaps[3])
+		assert_kind_of(EthPacket,p)
+		assert_kind_of(IPPacket,p)
+		assert_kind_of(ICMPPacket,p)
+	end
+
+	def test_parse_invalid_packet
+		assert_equal(InvalidPacket.layer, 0)
+		assert_equal(InvalidPacket.layer_symbol, :invalid)
+		p = Packet.parse("\xff\xfe\x00\x01")
+		assert_equal(p.to_s, "\xff\xfe\x00\x01")
+		assert_kind_of(InvalidPacket,p)
+	end
+
+	def test_parse_ipv6_packet
+		assert_equal(IPv6Packet.layer, 2)
+		assert_equal(IPv6Packet.layer_symbol, :internet)
+		pcaps = PcapFile.new.file_to_array(:f => 'sample-ipv6.pcap')
+		p = Packet.parse(pcaps[0]) # Really an IPv6 packet 
+		assert_equal(p.to_s, pcaps[0])
+		assert_kind_of(EthPacket,p)
+		assert(!p.kind_of?(IPPacket), "Misidentified as an IP Packet!")
+		assert_kind_of(IPv6Packet,p)
+	end
+
+	def test_parse_hsrp_packet
+		assert_equal(HSRPPacket.layer, 4)
+		assert_equal(HSRPPacket.layer_symbol, :application)
+		pcaps = PcapFile.new.file_to_array(:f => 'sample_hsrp_pcapr.cap')
+		p = Packet.parse(pcaps[0]) # Really an HSRP Hello packet 
+		assert_equal(p.to_s, pcaps[0])
+		assert_kind_of(EthPacket,p)
+		assert_kind_of(IPPacket,p)
+		assert_kind_of(UDPPacket,p)
+		assert_kind_of(HSRPPacket,p)
+	end
+
+	def test_parse_hsrp_as_udp
+		assert_equal(:application, HSRPPacket.layer_symbol)
+		pcaps = PcapFile.new.file_to_array(:f => 'sample_hsrp_pcapr.cap')
+		p = Packet.parse(pcaps[0], :parse_app => false) # Really an HSRP Hello packet 
+		assert_kind_of(UDPPacket,p)
+		assert(!p.kind_of?(HSRPPacket), "Misidentified HSRP packet when we didn't want it!" )
+	end
+
 end
 
 

metadata

@@ -1,13 +1,14 @@
 --- !ruby/object:Gem::Specification 
 name: packetfu
 version: !ruby/object:Gem::Version 
-  hash: 23
-  prerelease: false
+  hash: 1344461223
+  prerelease: 6
   segments: 
   - 1
   - 0
-  - 0
-  version: 1.0.0
+  - 2
+  - pre
+  version: 1.0.2.pre
 platform: ruby
 authors: 
 - Tod Beardsley
@@ -15,13 +16,29 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-07-31 00:00:00 -05:00
+date: 2011-05-22 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: pcaprub
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 63
+        segments: 
+        - 0
+        - 9
+        - 2
+        version: 0.9.2
+  type: :development
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -31,7 +48,7 @@ dependencies:
         - 0
         version: "0"
   type: :development
-  version_requirements: *id001
+  version_requirements: *id002
 description: PacketFu is a mid-level packet manipulation library for Ruby. With it, users can read, parse, and write network packets with the level of ease and fun they expect from Ruby. Note that this gem does not automatically require pcaprub, since users may install pcaprub through non-gem means.
 email: todb@planb-security.net
 executables: []
@@ -44,44 +61,56 @@ extra_rdoc_files:
 - .document
 files: 
 - lib/packetfu.rb
-- lib/packetfu/tcp.rb
-- lib/packetfu/eth.rb
+- lib/packetfu/version.rb
 - lib/packetfu/structfu.rb
-- lib/packetfu/ipv6.rb
 - lib/packetfu/capture.rb
 - lib/packetfu/pcap.rb
-- lib/packetfu/udp.rb
 - lib/packetfu/config.rb
-- lib/packetfu/arp.rb
-- lib/packetfu/ip.rb
 - lib/packetfu/inject.rb
-- lib/packetfu/invalid.rb
+- lib/packetfu/protos/tcp.rb
+- lib/packetfu/protos/eth.rb
+- lib/packetfu/protos/ipv6.rb
+- lib/packetfu/protos/udp.rb
+- lib/packetfu/protos/arp.rb
+- lib/packetfu/protos/ip.rb
+- lib/packetfu/protos/invalid.rb
+- lib/packetfu/protos/icmp.rb
+- lib/packetfu/protos/hsrp.rb
 - lib/packetfu/utils.rb
-- lib/packetfu/icmp.rb
 - lib/packetfu/packet.rb
 - CHANGES
 - INSTALL
 - LICENSE
 - README
 - .document
-- TODO
 - test/test_octets.rb
 - test/test_icmp.rb
+- test/udp_test.pcap
 - test/sample2.pcap
 - test/sample.pcap
 - test/test_ip6.rb
 - test/all_tests.rb
 - test/test_invalid.rb
+- test/packetfu_spec.rb
 - test/test_packet.rb
 - test/test_pcap.rb
+- test/icmp_test.pcap
 - test/test_udp.rb
+- test/sample_hsrp_pcapr.cap
 - test/test_tcp.rb
+- test/tcp_test.pcap
 - test/test_arp.rb
+- test/arp_test.pcap
 - test/test_inject.rb
 - test/test_eth.rb
+- test/sample-ipv6.pcap
+- test/test_hsrp.rb
 - test/test_structfu.rb
 - test/ptest.rb
+- test/ip_test.pcap
+- test/eth_test.pcap
 - test/test_ip.rb
+- test/structfu_spec.rb
 - examples/oui.txt
 - examples/uniqpcap.rb
 - examples/examples.rb
@@ -115,16 +144,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version 
-      hash: 3
+      hash: 25
       segments: 
-      - 0
-      version: "0"
+      - 1
+      - 3
+      - 1
+      version: 1.3.1
 requirements: []
 
 rubyforge_project: packetfu
-rubygems_version: 1.3.7
+rubygems_version: 1.4.2
 signing_key: 
 specification_version: 3
 summary: PacketFu is a mid-level packet manipulation library.
@@ -140,5 +171,6 @@ test_files:
 - test/test_arp.rb
 - test/test_inject.rb
 - test/test_eth.rb
+- test/test_hsrp.rb
 - test/test_structfu.rb
 - test/test_ip.rb

data/TODO

@@ -1,25 +0,0 @@
-TODO for PacketFu
-
-Bugs:
-
-See http://code.google.com/p/packetfu/issues/list
-
-Next major version:
-
-Rewrite TCPOpts to be safe and sane by using BinData structs
-
-Pcapfiles should take and honor usec fields.
-
-Collect Metasploit diffs to incorporate. 
-
-Someday:
-Rewrite the whole protocol tree so a simple 'require protocol' is sufficent.
-
-Think about adding taint values to rewritten packets?
-
---Merge in release version of BinData once readeof-patch is committed to a tagged version--
-
-Fix up setup.rb to prompt for an overwrite of existing BinData and Pcaprub installations.
-
-Create a gem distribution (?? I dunno I still kind of hate gems)
-